Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Date: Sat, 16 May 2009 01:21:43 +0200
FYI: IIS7 + Webdav seems not to be affected
I can't stress enough that this is not a simple auth bypass only -
You can _upload_ arbritary data to the server.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities
- Next by Date: [Full-disclosure] WinAppDbg module v1.1 is out!
- Previous by thread: Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
- Next by thread: Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009